MASSCAN: Mass IP port scanner
Git hub project https://github.com/robertdavidgraham/masscan
Overview
This is an Internet-scale port scanner. It can scan the entire Internet in under 5 minutes, transmitting 10 million packets per second, from a single machine.
Its usage (parameters, output) is similar to nmap, the most famous port scanner. When in doubt, try one of those features -- features that support widespread scanning of many machines are supported, while in-depth scanning of single machines aren't.
Internally, it uses asynchronous transmission, similar to port scanners like scanrand, unicornscan, and ZMap. It's more flexible, allowing arbitrary port and address ranges.
NOTE: masscan uses its own ad hoc TCP/IP stack. Anything other than simple port scans may cause conflict with the local TCP/IP stack. This means you need to use either the --src-ip option to run from a different IP address, or use --src-port to configure which source ports masscan uses, then also configure the internal firewall (like pf or iptables) to firewall those ports from the rest of the operating system.
- FTP
- HTTP
- IMAP4
- memcached
- POP3
- SMTP
- SSH
- SSL
- SMBv1
- SMBv2
- Telnet
- RDP
- VNC
Usage
Usage is similar to nmap. To scan a network segment for some ports:
# masscan -p80,8000-8100 10.0.0.0/8 2603:3001:2d00:da00::/112
This will:
- scan the
10.x.x.xsubnet, and2603:3001:2d00:da00::xsubnets - scans port 80 and the range 8000 to 8100, or 102 ports total, on both subnets
- print output to
<stdout>that can be redirected to a file
To see the complete list of options, use the --echo feature. This dumps the current configuration and exits. This output can be used as input back into the program:
# masscan -p80,8000-8100 10.0.0.0/8 2603:3001:2d00:da00::/112 --echo > xxx.conf
# masscan -c xxx.conf --rate 1000